-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --

All claims being allowable, PROSECUTION ON THE MERITS IS (OR REMAINS) CLOSED in this application. If not included 
herewith (or previously mailed), a Notice of Allowance (PTOL-85) or other appropriate communication will be mailed in due course. THIS 
NOTICE OF ALLOWABILITY IS NOT A GRANT OF PATENT RIGHTS. This application is subject to withdrawal from issue at the initiative 
of the Office or upon petition by the applicant. See 37 CFR 1.313 and MPEP 1308. 

1. ☒ This communication is responsive to Telephone interview on 07/20/2005 and 07/21/2005.

2. The allowed claim(s) is/are 1-27.

3. ☒ The drawings filed on 18 March 2005 are accepted by the Examiner.

4. □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 

a) □ All b) □ Some* c) □ None of the: 

1. □ Certified copies of the priority documents have been received. 

2. □ Certified copies of the priority documents have been received in Application No. . 

3. □ Copies of the certified copies of the priority documents have been received in this national stage application from the 

International Bureau (PCT Rule 17.2(a)). 
* Certified copies not received: . 

Applicant has THREE MONTHS FROM THE "MAILING DATE" of this communication to file a reply complying with the requirements 
noted below. Failure to timely comply will result in ABANDONMENT of this application. 
THIS THREE-MONTH PERIOD IS NOT EXTENDABLE. 

5. □ A SUBSTITUTE OATH OR DECLARATION must be submitted. Note the attached EXAMINER'S AMENDMENT or NOTICE OF
INFORMAL PATENT APPLICATION (PTO-152) which gives reason(s) why the oath or declaration is deficient.

6. □ CORRECTED DRAWINGS (as "replacement sheets") must be submitted.

(a) □ including changes required by the Notice of Draftsperson's Patent Drawing Review (PTO-948) attached

1) □ hereto or 2) □ to Paper No./Mail Date . 

(b) □ including changes required by the attached Examiner's Amendment / Comment or in the Office action of 

Paper No./Mail Date . 

Identifying indicia such as the application number (see 37 CFR 1.84(c)) should be written on the drawings in the front (not the back) of 
each sheet. Replacement sheet(s) should be labeled as such in the header according to 37 CFR 1.121(d). 

7. □ DEPOSIT OF and/or INFORMATION about the deposit of BIOLOGICAL MATERIAL must be submitted. Note the 

attached Examiner's comment regarding REQUIREMENT FOR THE DEPOSIT OF BIOLOGICAL MATERIAL. 



Attachment(s) 

1. □ Notice of References Cited (PTO-892) 

2. □ Notice of Draftperson's Patent Drawing Review (PTO-948) 

3. □ Information Disclosure Statements (PTO-1449 or PTO/SB/08),

Paper No./Mail Date 

4. □ Examiner's Comment Regarding Requirement for Deposit 

of Biological Material 



5. □ Notice of Informal Patent Application (PTO-152) 

6. ☒ Interview Summary (PTO-413),

Paper No./Mail Date . 

7. ☒ Examiner's Amendment/Comment

8. □ Examiner's Statement of Reasons for Allowance 

9. □ Other . 
DETAILED ACTION

EXAMINER'S AMENDMENT 

An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided by 
37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no 
later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 
with Mr. Eustace P. Isidore, (Registration No 56,104) on 07/21/2005. The amended claims 
have been faxed and emailed to the examiner on July 21, 2005 by the applicant. 

The application has been amended as follows:
In the claims: 

9. (currently amended) A system for providing secure access to console functions of a 
computer system, said system comprising logic encoded on a computer readable medium that
when executed on a console device provides the following functions [[for]]:

initiating a first EKE sequence between [[a]] the console device and a network-accessible 
system to authenticate the console device as being authorized to connect to the network- 
accessible system to allow user access to the network-accessible system, wherein the first EKE 
sequence includes checking whether a device shared secret generated during a set-up of the 
console device with the network-accessible system matches an associated shared secret stored 
on the network-accessible system to which a console operation is desired enabled;

when the device shared secret matches the associated shared secret, initiating a second 
EKE sequence between the console device and the network-accessible system to authenticate a 
userID and password of the user of the console device; and

preventing access to the network-accessible system when either the first EKE sequence 
or the second EKE sequence fails to authenticate, wherein a dual authentication procedure is 
implemented before any access is permitted by a user to the network-accessible system. 

10. (currently amended) The system of Claim 9, further comprising:

logic encoded on a computer readable medium that when executed on the console
device provides the following function [[for]]:

generating the device shared secret via an initial EKE sequence utilising a default device 
identifier and associated default shared secret during an initial setup of the console device for 
connecting to the network-accessible system, wherein said device shared secret is utilized in 
place of said default device shared secret in subsequent console authentication procedures; 
and 

logic encoded on the computer readable medium that when executed on the network- 
accessible system provides the following functions: 

storing said device shared secret within a secure storage location of said network- 
accessible system; and 

passing a copy of the device shared secret to the console device for secure storage 
therein, wherein said device shared secret is stored in a secure location on said console device 
and utilized along with a device ID of the console device during each subsequent connection of 
said console device to said network-accessible system. 

11. (currently amended) The system of Claim 10, further comprising logic encoded on a 
computer readable medium that when executed on the console device provides the functions 
of [[for]] encrypting and decrypting a console operator's authentication data flowing between
said console device and said network-accessible system utilizing a value selected from among 
said shared secret and a hash of said shared secret. 

12. (currently amended) The system of Claim 10, further comprising logic encoded on a 
computer readable medium that when executed on the console device provides the functions of 
[[for]] encrypting and decrypting subsequent session data flowing between said console device 
and said network-accessible system utilizing a value selected from among a second secret 
generated by the second EKE sequence or a hash of said second secret. 

13. (currently amended) The system of Claim 10, further comprising logic encoded on a 
computer readable medium that when executed on the console device provides the following 
functions [[for]]:

responsive to an establishment of a first console session that authenticates said console 
device, instantiating a second EKE sequence to authenticate a console operator utilizing a 
default user identifier and password;

enabling an update of the default user identifier and password to a new user identifier
and password; and 

storing said new user identifier and password in a secure storage location of said 
network-accessible system only, wherein said new user identifier and password are not stored 
on the console device. 

14. (currently amended) The system of Claim 13, further comprising logic encoded on a 
computer readable medium that when executed on the console device provides the following
functions [[for]]:

enabling a setup of multiple device identifiers and authorization levels for other devices 
to act as console devices; 

storing said multiple device identifiers and authorization levels in said secure storage 
location; wherein said setup and storing of device identifiers and authorization levels are 
completed by an administrator of the network-accessible system; and

enabling multiple console sessions for different systems on a single console device. 

15. (currently amended) The system of Claim 13, further comprising logic encoded on a 
computer readable medium that when executed on the console device provides the following 
functions [[for]]:

enabling a setup of multiple operator user identifiers and associated passwords and 
authorization levels for other console operators to access console functions of the system; and 

storing said multiple operator user identifiers and associated passwords and 
authorization levels in said secure storage location; 

wherein said setup and storing of operator user identifiers, associated passwords and 
authorization levels are completed by an administrator of the network-accessible system.

16. (currently amended) The system of Claim 10, wherein said logic encoded on a computer 
readable medium for providing the function of passing a copy of the device shared secret 
further comprises logic that when executed on the console device provides one of the following 
functions [[for one of]]:

when the console device includes an embedded smart chip, storing the copy of the 
device shared secret within the embedded smart chip, wherein the device shared secret is 
encrypted and maintained in a physically secure storage; and

storing the copy of the device shared secret in encrypted format within the secure memory
region of the console device, wherein said encrypted format utilizes a key generated from an
operator-specified password.



Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be
directed to Samson B Lemma whose telephone number is 571-272-3806. The examiner can normally
be reached on Monday-Friday (8:00 am - 4:30 pm).

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor,
BARRON JR GILBERTO can be reached on 571-272-3799. The fax phone number for the
organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application
Information Retrieval (PAIR) system. Status information for published applications may be
obtained from either Private PAIR or Public PAIR. Status information for unpublished applications
is available through Private PAIR only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system,
contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

SAMSON LEMMA
07/21/2005

GILBERTO BARRON
SUPERVISORY PATENT EXAMINER
TECHNOLOGY CENTER 2100